All Versions: 135
Avg Release Cycle: 47 days
Latest Release: 235 days ago
Changelog History, Page 5
v3.6.2 Changes
May 19, 2017
- Handle safe call operator in checks
- Better handling of `if` expressions in HAML rendering
- Remove `--rake` option
- Properly handle template names without `.html` or `.js`
- Set template file names during rendering for better errors
- Limit Slim dependency to before 3.0.8
- Catch YAML parsing errors in session settings check
- Avoid warning about SQLi with `to_s` in `exists?`
- Update RubyParser to 3.9.0
- Do not honor additional check paths in config by default
- Handle empty `if` expressions when finding return values
- Fix finding return value from empty `if`
v3.6.1 Changes
March 24, 2017
- Fix error when using `--compare` (Sean Gransee)
v3.6.0 Changes
March 23, 2017
- Avoid recursive Concerns
- Branch inside of `case` expressions
- Print command line option errors without modification
- Fix issue with nested interpolation inside SQL strings
- Ignore GraphQL tags inside ERB templates
- Add `--exit-on-error` (Michael Grosser)
- Only report CVE-2015-3227 when exact version is known
- Check targetless SQL calls outside of known models
v3.5.0 Changes
February 01, 2017
- Allow `-t None`
- Fail on invalid checks specified by `-x` or `-t`
- Avoid warning about all, first, or last after Rails 4.0
- Avoid warning about models in SQLi
- Lower confidence of SQLi when maybe not on models
- Warn about SQLi even potentially on non-models
- Report check name in JSON and plain reports
- Treat templates without `.html` as HTML anyway
- Add `--ensure-latest` option (tamgrosser / Michael Grosser)
- Add `--no-summary` to hide summaries in HTML/text reports
- Handle `included` block in concerns
- Process concerns before controllers
v3.4.1 Changes
November 02, 2016
- Show action help at start of interactive ignore
- Check CSRF setting in direct subclasses of `ActionController::Base` (Jason Yeo)
- Configurable engines path (Jason Yeo)
- Use Ruby version to turn off SymbolDoS check
- Pull Ruby version from `.ruby-version` or Gemfile
- Avoid warning about `where_values_hash` in SQLi
- Fix ignoring link interpolation not at beginning of string
v3.4.0 Changes
September 08, 2016
- Add new `plain` report format
- Add option to prune ignore file with `-I`
- Improved Slim template support
- Show obsolete ignore entries in reports (Jonathan Cheatham)
- Support creating reports in non-existent paths
- Add `--no-exit-warn`
v3.3.5 Changes
August 12, 2016
- Fix bug in reports when using `--debug` option
v3.3.4 Changes
August 12, 2016
- Add generic warning for CVE-2016-6316
- Warn about dangerous use of `content_tag` with CVE-2016-6316
- Add warning for CVE-2016-6317
- Use Minitest
v3.3.3 Changes
July 21, 2016
- Show path when no Rails app found (Neil Matatall)
- Index calls in view helpers
- Process inline template renders
- Avoid warning about hashes in `link_to` hrefs
- Add documentation for authentication category
- Ignore boolean methods in render paths
- Reduce open redirect duplicates
- Fix SymbolDoS error with unknown Rails version
- `Sexp#value` returns nil when there is no value
- Improve return value estimation
v3.3.2 Changes
June 10, 2016
- Fix serious performance regression with global constant tracking